strapi-plugin-magic-sessionmanager 4.4.4 → 4.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/server/index.js +19 -13
  2. package/dist/server/index.mjs +19 -13
  3. package/package.json +3 -3
package/dist/server/index.js CHANGED
@@ -199,14 +199,15 @@ const IV_LENGTH = 16;
199
199
  function getEncryptionKey() {
200
200
  const envKey = process.env.SESSION_ENCRYPTION_KEY;
201
201
  if (envKey) {
202
- const key2 = crypto$1.createHash("sha256").update(envKey).digest();
203
- return key2;
202
+ return crypto$1.createHash("sha256").update(envKey).digest();
204
203
  }
205
- const strapiKeys = process.env.APP_KEYS || process.env.API_TOKEN_SALT || "default-insecure-key";
206
- const key = crypto$1.createHash("sha256").update(strapiKeys).digest();
207
- console.warn("[magic-sessionmanager/encryption] [WARNING] No SESSION_ENCRYPTION_KEY found. Using fallback (not recommended for production).");
208
- console.warn("[magic-sessionmanager/encryption] Set SESSION_ENCRYPTION_KEY in .env for better security.");
209
- return key;
204
+ const strapiKeys = process.env.APP_KEYS || process.env.API_TOKEN_SALT;
205
+ if (!strapiKeys) {
206
+ throw new Error(
207
+ "[magic-sessionmanager] No encryption key available. Set SESSION_ENCRYPTION_KEY in your .env file, or ensure APP_KEYS is configured."
208
+ );
209
+ }
210
+ return crypto$1.createHash("sha256").update(strapiKeys).digest();
210
211
  }
211
212
  function encryptToken$2(token) {
212
213
  if (!token) return null;
@@ -1198,7 +1199,7 @@ var admin$1 = {
1198
1199
  path: "/license/status",
1199
1200
  handler: "license.getStatus",
1200
1201
  config: {
1201
- policies: []
1202
+ policies: ["admin::isAuthenticatedAdmin"]
1202
1203
  }
1203
1204
  },
1204
1205
  {
@@ -1206,7 +1207,7 @@ var admin$1 = {
1206
1207
  path: "/license/auto-create",
1207
1208
  handler: "license.autoCreate",
1208
1209
  config: {
1209
- policies: []
1210
+ policies: ["admin::isAuthenticatedAdmin"]
1210
1211
  }
1211
1212
  },
1212
1213
  {
@@ -1214,7 +1215,7 @@ var admin$1 = {
1214
1215
  path: "/license/create",
1215
1216
  handler: "license.createAndActivate",
1216
1217
  config: {
1217
- policies: []
1218
+ policies: ["admin::isAuthenticatedAdmin"]
1218
1219
  }
1219
1220
  },
1220
1221
  {
@@ -1222,7 +1223,7 @@ var admin$1 = {
1222
1223
  path: "/license/ping",
1223
1224
  handler: "license.ping",
1224
1225
  config: {
1225
- policies: []
1226
+ policies: ["admin::isAuthenticatedAdmin"]
1226
1227
  }
1227
1228
  },
1228
1229
  {
@@ -1230,7 +1231,7 @@ var admin$1 = {
1230
1231
  path: "/license/store-key",
1231
1232
  handler: "license.storeKey",
1232
1233
  config: {
1233
- policies: []
1234
+ policies: ["admin::isAuthenticatedAdmin"]
1234
1235
  }
1235
1236
  },
1236
1237
  // Geolocation (Premium Feature)
@@ -1817,6 +1818,11 @@ var session$3 = {
1817
1818
  if (!ipAddress) {
1818
1819
  return ctx.badRequest("IP address is required");
1819
1820
  }
1821
+ const IPV4_REGEX = /^(\d{1,3}\.){3}\d{1,3}$/;
1822
+ const IPV6_REGEX = /^[0-9a-fA-F:]+$/;
1823
+ if (!IPV4_REGEX.test(ipAddress) && !IPV6_REGEX.test(ipAddress)) {
1824
+ return ctx.badRequest("Invalid IP address format");
1825
+ }
1820
1826
  const licenseGuard2 = strapi.plugin("magic-sessionmanager").service("license-guard");
1821
1827
  const pluginStore = strapi.store({
1822
1828
  type: "plugin",
@@ -2740,7 +2746,7 @@ var session$1 = ({ strapi: strapi2 }) => {
2740
2746
  }
2741
2747
  };
2742
2748
  };
2743
- const version$1 = "4.4.3";
2749
+ const version$1 = "4.4.4";
2744
2750
  const require$$2 = {
2745
2751
  version: version$1
2746
2752
  };
package/dist/server/index.mjs CHANGED
@@ -186,14 +186,15 @@ const IV_LENGTH = 16;
186
186
  function getEncryptionKey() {
187
187
  const envKey = process.env.SESSION_ENCRYPTION_KEY;
188
188
  if (envKey) {
189
- const key2 = crypto$1.createHash("sha256").update(envKey).digest();
190
- return key2;
189
+ return crypto$1.createHash("sha256").update(envKey).digest();
191
190
  }
192
- const strapiKeys = process.env.APP_KEYS || process.env.API_TOKEN_SALT || "default-insecure-key";
193
- const key = crypto$1.createHash("sha256").update(strapiKeys).digest();
194
- console.warn("[magic-sessionmanager/encryption] [WARNING] No SESSION_ENCRYPTION_KEY found. Using fallback (not recommended for production).");
195
- console.warn("[magic-sessionmanager/encryption] Set SESSION_ENCRYPTION_KEY in .env for better security.");
196
- return key;
191
+ const strapiKeys = process.env.APP_KEYS || process.env.API_TOKEN_SALT;
192
+ if (!strapiKeys) {
193
+ throw new Error(
194
+ "[magic-sessionmanager] No encryption key available. Set SESSION_ENCRYPTION_KEY in your .env file, or ensure APP_KEYS is configured."
195
+ );
196
+ }
197
+ return crypto$1.createHash("sha256").update(strapiKeys).digest();
197
198
  }
198
199
  function encryptToken$2(token) {
199
200
  if (!token) return null;
@@ -1185,7 +1186,7 @@ var admin$1 = {
1185
1186
  path: "/license/status",
1186
1187
  handler: "license.getStatus",
1187
1188
  config: {
1188
- policies: []
1189
+ policies: ["admin::isAuthenticatedAdmin"]
1189
1190
  }
1190
1191
  },
1191
1192
  {
@@ -1193,7 +1194,7 @@ var admin$1 = {
1193
1194
  path: "/license/auto-create",
1194
1195
  handler: "license.autoCreate",
1195
1196
  config: {
1196
- policies: []
1197
+ policies: ["admin::isAuthenticatedAdmin"]
1197
1198
  }
1198
1199
  },
1199
1200
  {
@@ -1201,7 +1202,7 @@ var admin$1 = {
1201
1202
  path: "/license/create",
1202
1203
  handler: "license.createAndActivate",
1203
1204
  config: {
1204
- policies: []
1205
+ policies: ["admin::isAuthenticatedAdmin"]
1205
1206
  }
1206
1207
  },
1207
1208
  {
@@ -1209,7 +1210,7 @@ var admin$1 = {
1209
1210
  path: "/license/ping",
1210
1211
  handler: "license.ping",
1211
1212
  config: {
1212
- policies: []
1213
+ policies: ["admin::isAuthenticatedAdmin"]
1213
1214
  }
1214
1215
  },
1215
1216
  {
@@ -1217,7 +1218,7 @@ var admin$1 = {
1217
1218
  path: "/license/store-key",
1218
1219
  handler: "license.storeKey",
1219
1220
  config: {
1220
- policies: []
1221
+ policies: ["admin::isAuthenticatedAdmin"]
1221
1222
  }
1222
1223
  },
1223
1224
  // Geolocation (Premium Feature)
@@ -1804,6 +1805,11 @@ var session$3 = {
1804
1805
  if (!ipAddress) {
1805
1806
  return ctx.badRequest("IP address is required");
1806
1807
  }
1808
+ const IPV4_REGEX = /^(\d{1,3}\.){3}\d{1,3}$/;
1809
+ const IPV6_REGEX = /^[0-9a-fA-F:]+$/;
1810
+ if (!IPV4_REGEX.test(ipAddress) && !IPV6_REGEX.test(ipAddress)) {
1811
+ return ctx.badRequest("Invalid IP address format");
1812
+ }
1807
1813
  const licenseGuard2 = strapi.plugin("magic-sessionmanager").service("license-guard");
1808
1814
  const pluginStore = strapi.store({
1809
1815
  type: "plugin",
@@ -2727,7 +2733,7 @@ var session$1 = ({ strapi: strapi2 }) => {
2727
2733
  }
2728
2734
  };
2729
2735
  };
2730
- const version$1 = "4.4.3";
2736
+ const version$1 = "4.4.4";
2731
2737
  const require$$2 = {
2732
2738
  version: version$1
2733
2739
  };
package/package.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "4.4.4",
2
+ "version": "4.4.5",
3
3
  "keywords": [
4
4
  "strapi",
5
5
  "strapi-plugin",
@@ -53,7 +53,7 @@
53
53
  "@semantic-release/github": "^11.0.2",
54
54
  "@semantic-release/npm": "^12.0.1",
55
55
  "@semantic-release/release-notes-generator": "^14.0.1",
56
- "@strapi/strapi": "^5.33.4",
56
+ "@strapi/strapi": "^5.36.0",
57
57
  "@strapi/sdk-plugin": "^5.3.2",
58
58
  "prettier": "^3.6.2",
59
59
  "react": "^18.3.1",
@@ -62,7 +62,7 @@
62
62
  "styled-components": "^6.3.8"
63
63
  },
64
64
  "peerDependencies": {
65
- "@strapi/strapi": "^5.33.4",
65
+ "@strapi/strapi": "^5.36.0",
66
66
  "@strapi/sdk-plugin": "^5.3.2",
67
67
  "react": "^18.3.1",
68
68
  "react-dom": "^18.3.1",